ISO 9001 in a small business

Any type, any size?

ISO 9001 is a generic standard. Any company, any size, any sector, any country. It is written to be equally applicable to a small service organisation to a large manufacturing organisation. Don’t believe the hype. I’ve helped a company with 2 employees implement the standard and I can tell you it was no fun at all Now don’t get me wrong. It is possible to implement an ISO 9001 conforming system in a very small company, but it needs a bit of skill, nifty interpretation and sprinkling of jiggery pokery. For example, the development, review and communication of the Quality Policy can be a bit of a nonsense in this context; the independence of internal audits is an inherent problem unless they are contracted out; if the company doesn’t sub-contract we might be able justify an exclusion purchasing (yes, really – it is in section 7 after all); value-adding process measures might be difficult to identify and justify (they should be able to tell you things you might not already know), and developing a procedure for control of non conforming product in a very small service provider may be no more than an exercise in box ticking. It should be in section 7, in my opinion. So flexibility and common sense is the order of the day After saying all of this, I’m not saying that ISO 9001 has no place in the land of the small, just that there’s an argument for specific guidance in these situations just to avoid the risk of implementation of crappy systems. Especially as I’m seeing an increasing number of small, agile companies with an eye on quality. We don’t want to cut them off, do we? The standard and assessment schemes should be more ready and able to embrace these start-ups.

6 Responses to ISO 9001 in a small business

Iso has plenty of bureaucratic waste in it. It’s not less waste in large companies, it’s just that they can absorb that waste better, and that the person making the decision on ISO indifferent from the person experiencing the waste.

Waste in larger companies, with greater fog created by the layers of management, becomes an accepted cost of production, particularly when margins are good enough to mask it. It is no coincidence that the most efficient companies happen to operate in the most competitive sectors. I have always maintained that efficiency always needs a reason and that companies are always as inefficient as they are allowed to be, and no better than they have to be. Anything “more” would be wasted effort, you see

ISO9001 compliant systems need not have a detailed and complex bureaucracy. I have helped install ISO9001 into a few dozen SME’s that had less than 30 employees, and even into one owned and run by Plymouth Brethren who had no computers and only used pencils.
As with any company the key is to help them create a management system that serves their needs first, and only after that run a gap analysis against ISO9001.
After all a company can run a compliant system with only half a dozen documented procedures and a couple of policies. In the case of the Brethren we had it down to seven simple flowcharts and only two forms, and they remain certified to this day, a decade after we first helped them put in their system.
Meeting the Accreditation body before even the pre-assessment and making sure they really understand the nature of the business is crucial though.

You are right, of course, Craig. I think you have also hinted that developing a functional and appropriate system and getting it past particular auditors or CBs who have never fully grasped the concept of “effectiveness” might be 2 different things

You could say you get what you pay for. I believe there is thick irony in the ridiculously exaggerated claims that CBs tend to make regarding the expertise of the auditors as “therapists”, “advisors”, “business improvement specialists” or whatever. The plain truth is that if those people were as good as was claimed, the CB would not be able to afford them